CVE-2022-23943
mod_sed: Read/write beyond bounds
In short
A flaw in Apache's mod_sed module allows attackers to write data beyond the intended memory boundaries, potentially corrupting the server's memory and causing it to crash or behave unpredictably.
Technical detail
An out-of-bounds write vulnerability in mod_sed permits an attacker to overwrite heap memory via a crafted request, exploiting improper bounds checking in the sed stream editor module. The vulnerability affects Apache HTTP Server versions 2.4.52 and earlier; successful exploitation may lead to denial of service or arbitrary code execution depending on memory layout and attacker control over written data.
Summary generated and translated by AI from the official description.
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
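A triage check for the affected range stated above, as an added example that is not part of the advisory or of the Apache project's code. It assumes you have captured the output of `httpd -v` and `httpd -M` from the host; the sample strings and the function names are constructed for illustration.

```python
import re

# From the advisory text: Apache HTTP Server 2.4, version 2.4.52 and prior.
LAST_AFFECTED = (2, 4, 52)

# Constructed sample output, modelled on `httpd -v` and `httpd -M`.
SAMPLE_V = "Server version: Apache/2.4.52 (Unix)\nServer built:   Jan  1 2022 00:00:00\n"
SAMPLE_M = ("Loaded Modules:\n core_module (static)\n"
            " sed_module (shared)\n ssl_module (shared)\n")


def parse_version(httpd_v_output):
    """Return (major, minor, patch) from `httpd -v` output."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not m:
        raise ValueError("no Apache version string found")
    return tuple(int(part) for part in m.groups())


def sed_loaded(httpd_m_output):
    """True if mod_sed (listed as sed_module) appears in `httpd -M` output."""
    pattern = r"^\s*sed_module\s+\((static|shared)\)"
    return re.search(pattern, httpd_m_output, re.M) is not None


def assess(httpd_v_output, httpd_m_output):
    """Classify a host against the advisory's version range and module."""
    version = parse_version(httpd_v_output)
    # Compare as integer tuples: as strings, "2.4.9" would sort above "2.4.52".
    in_range = version[:2] == (2, 4) and version <= LAST_AFFECTED
    if not in_range:
        return "not-affected-version"
    if not sed_loaded(httpd_m_output):
        return "affected-version-module-not-loaded"
    return "exposed"


if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_M))
```

Distribution packages often backport fixes without changing the upstream version string, so treat an "exposed" result as a prompt to check the vendor advisory for the installed package.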
Affected products
Apache Software Foundation · Apache HTTP Server
References
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://security.gentoo.org/glsa/202208-20
https://security.netapp.com/advisory/ntap-20220321-0001/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
http://www.openwall.com/lists/oss-security/2022/03/14/1